Last month, Qualys security researchers found a vulnerability, called "Stack Clash", in a variety of Unix-based systems. It could allow an attacker on a UNIX system to gain root privileges and take over the attacked computer. The researchers who discovered the flaw are working with the various vendors to publish fixes as soon as possible.
According to the Qualys researchers, the issue affects many UNIX systems, including Linux, OpenBSD, NetBSD, FreeBSD and Solaris. The researchers only tested Stack Clash on the i386 and amd64 platforms and do not rule out that other vendors and platforms may also be affected.
In fact, the problem was first discovered as early as 2005, after which Linux introduced the stack guard page as a protection mechanism. The core of the current vulnerability is still the problem known since 2005: it was patched, found again and patched again in 2010, and has now been found for a third time.
What is the Stack Clash vulnerability
The problem concerns the memory stack: the stack is a region of memory in RAM that an application uses while executing its code. As the application grows, that memory region grows with it.
The problem arises when a region of stack memory grows too much, that is, so close to another memory region that the two can be confused. If an application's stack memory comes into contact with heap memory, and an attacker can inject some data and then manipulate the information stored in the stack, he can overwrite part of the stack and hijack the application's flow of execution, and by the same token reach even more important data structures.
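The collision described above only becomes possible when the distance between the stack and the next mapping below it is small. The following is an added example (not code from the Qualys advisory or from this article) that measures that distance from a Linux `/proc/<pid>/maps` listing: it parses the mapping lines, finds the `[stack]` entry and the highest mapping that ends at or below it, and reports the gap in bytes. The `/proc/self/maps` line format is assumed to be the Linux one; `GUARD_GAP_BYTES` (1 MiB) is a hypothetical threshold chosen here for the check, not a value taken from the article, and the two sample listings are constructed, not captured from a real system.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the Qualys advisory or the article): a checker for the
 * distance between the main-thread stack and the nearest mapping below it, the
 * space a Stack Clash style collision would have to cross. Assumes the Linux
 * /proc/<pid>/maps line format. GUARD_GAP_BYTES is a hypothetical threshold
 * (1 MiB) we treat as "enough headroom"; it is an assumption of this example. */
#define GUARD_GAP_BYTES (1UL << 20)

struct mapping { unsigned long start, end; char name[64]; };

/* Parse one maps line: "start-end perms offset dev inode [name]". Returns 1 on success. */
static int parse_maps_line(const char *line, size_t len, struct mapping *m)
{
    char buf[256], perms[8], dev[16];
    unsigned long offset, inode;
    int consumed = 0;
    if (len >= sizeof buf) len = sizeof buf - 1;
    memcpy(buf, line, len);
    buf[len] = '\0';
    if (sscanf(buf, "%lx-%lx %7s %lx %15s %lu%n",
               &m->start, &m->end, perms, &offset, dev, &inode, &consumed) != 6)
        return 0;
    const char *p = buf + consumed;          /* optional pathname / [name] field */
    while (*p == ' ' || *p == '\t') p++;
    strncpy(m->name, p, sizeof m->name - 1);
    m->name[sizeof m->name - 1] = '\0';
    return 1;
}

/* Find the [stack] mapping and the highest mapping ending at or below its start.
 * On success stores the gap in bytes in *gap_out and returns 0; returns -1 if
 * either mapping is missing. Input is a whole maps listing as one string. */
int stack_gap_below(const char *maps_text, unsigned long *gap_out)
{
    struct mapping all[512];
    int n = 0, have_stack = 0, have_below = 0;
    unsigned long stack_start = 0, below_end = 0;
    const char *p = maps_text;
    while (*p && n < 512) {                  /* split the listing into lines */
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (parse_maps_line(p, len, &all[n])) n++;
        p = nl ? nl + 1 : p + len;
    }
    for (int i = 0; i < n; i++)
        if (strcmp(all[i].name, "[stack]") == 0) { stack_start = all[i].start; have_stack = 1; }
    if (!have_stack) return -1;
    for (int i = 0; i < n; i++)              /* nearest neighbour below the stack */
        if (all[i].end <= stack_start && (!have_below || all[i].end > below_end)) {
            below_end = all[i].end;
            have_below = 1;
        }
    if (!have_below) return -1;
    *gap_out = stack_start - below_end;
    return 0;
}

/* 1 if the gap is at least the guard size, else 0. */
int gap_is_safe(unsigned long gap, unsigned long guard) { return gap >= guard; }

/* Constructed sample listings (not captured from a real system). In the first, an
 * anonymous mapping sits only 0xDF000 bytes (892 KiB) below the stack. */
const char *SAMPLE_MAPS_TIGHT =
    "00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7ffcfff00000-7ffcfff21000 rw-p 00000000 00:00 0 \n"
    "7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd00100000-7ffd00102000 r-xp 00000000 00:00 0 [vdso]\n";
const char *SAMPLE_MAPS_ROOMY =
    "00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7ffcf0000000-7ffcf0001000 rw-p 00000000 00:00 0 \n"
    "7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    /* Read this process's own maps and report the live headroom (Linux only). */
    static char text[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) { perror("/proc/self/maps"); return 1; }
    size_t got = fread(text, 1, sizeof text - 1, f);
    fclose(f);
    text[got] = '\0';
    unsigned long gap;
    if (stack_gap_below(text, &gap) != 0) { fputs("no [stack] mapping found\n", stderr); return 1; }
    printf("gap below stack: %lu KiB (%s)\n", gap / 1024,
           gap_is_safe(gap, GUARD_GAP_BYTES) ? "at or above guard size" : "below guard size");
    return 0;
}
```

Run on a live system the program reports the current distance; run on the constructed listings, the tight sample yields a gap of 0xDF000 bytes and fails the check, while the roomy sample yields 0xFFFF000 bytes and passes. The same parser can be pointed at the maps file of any process whose stack headroom you want to inspect.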
In 2005, in 2010 and again in 2017, researchers found that the operating system could be deceived by code leaking out of the stack. Qualys has now disclosed a proof-of-concept for the vulnerability (see the original report), which shows low-level code jumping from a malicious application's stack memory into the memory area of a legitimate application that has root privileges.
In the present study, we found that stack clash vulnerabilities can still be exploited by attackers: although the stack guard page protection mechanism now exists, we still found a variety of exploitation methods, as shown below: